Re: [cryptography] STARTTLS for HTTP

* Tom Ritter: I've been watching various efforts at widespread opportunistic encryption, like TCPINC and STARTTLS in SMTP. It's made me wonder why it isn't used for HTTP. What's the point? Anything that speaks HTTP also speaks HTTPS, so there's no need for the If you support it, I have TLS

Re: [cryptography] [Cryptography] STARTTLS for HTTP

Firefox users are probably going to keep using Firefox. Chrome users are probably going to keep using Chrome. Opera users use Opera because of it's nice little features. IE users are likely using a pirated version of Windows and live in China. https://en.wikipedia.org/wiki/Brand_loyalty The

Re: [cryptography] STARTTLS for HTTP

It would be secure against wifi eavesdropping. But worse it might instill a false sense of security. On Mon, Aug 18, 2014 at 9:29 PM, Tony Arcieri basc...@gmail.com wrote: Anyone know why this hasn't gained adoption? http://tools.ietf.org/html/rfc2817 I've been watching various efforts at

Re: [cryptography] [Cryptography] STARTTLS for HTTP

Forgotten link added below... On 19/08/14 11:57, Stephen Farrell wrote: Hiya, On 19/08/14 07:09, Ryan Carboni wrote: It would be secure against wifi eavesdropping. But worse it might instill a false sense of security. Well, protocols don't do that, but user agents (browsers in this

Re: [cryptography] STARTTLS for HTTP

On 18 August 2014 23:29, Tony Arcieri basc...@gmail.com wrote: Anyone know why this hasn't gained adoption? http://tools.ietf.org/html/rfc2817 I've been watching various efforts at widespread opportunistic encryption, like TCPINC and STARTTLS in SMTP. It's made me wonder why it isn't used

Re: [cryptography] STARTTLS for HTTP

On 8/19/14, Tom Ritter t...@ritter.vg wrote: On 18 August 2014 23:29, Tony Arcieri basc...@gmail.com wrote: Anyone know why this hasn't gained adoption? http://tools.ietf.org/html/rfc2817 I've been watching various efforts at widespread opportunistic encryption, like TCPINC and STARTTLS in

Re: [cryptography] STARTTLS for HTTP

On 8/19/2014 12:29 AM, Tony Arcieri wrote: Anyone know why this hasn't gained adoption? http://tools.ietf.org/html/rfc2817 I've been watching various efforts at widespread opportunistic encryption, like TCPINC and STARTTLS in SMTP. It's made me wonder why it isn't used for HTTP.

[cryptography] STARTTLS for HTTP

Anyone know why this hasn't gained adoption? http://tools.ietf.org/html/rfc2817 I've been watching various efforts at widespread opportunistic encryption, like TCPINC and STARTTLS in SMTP. It's made me wonder why it isn't used for HTTP. Opportunistic encryption could be completely transparent.